Dive Brief:
- Sonic Automotive said car sales fell during a weekslong outage following a cyberattack on its software services provider, CDK Global, and the incident is “reasonably likely to have a material impact” on financial performance, the company said Friday in a filing with the Securities and Exchange Commission.
- The car dealership, a Fortune 500 company, expects adverse impacts to its second fiscal quarter earnings due to a “slower rate of vehicle sales” after June 19, when CDK said it discovered a cyberattack on its network. More than 15,000 car dealers across North America use CDK’s cloud-based services.
- Sonic Automotive said basic functionality of CDK’s dealer management system has been restored but other CDK systems and certain functions remain offline. CDK has previously declined to answer questions about the nature of the attack and was not immediately available to comment.
Dive Insight:
CDK last week said every customer would regain access to its dealer management system by July 4, but the privately held company has not provided a timeline for when it expects to bring other critical services online.
Sonic Automotive said CDK’s customer relationship management platform and certain functions of the dealer management system remain offline.
“Additionally, some third-party applications typically accessible through the affected systems also remain offline. The timing of restoration of full access to all affected systems remains unclear,” Sonic said in the filing.
CDK previously said its recovery would occur in phases, but warned some integrations with original equipment manufacturers and third-party vendors might be delayed.
Within days of the attack, Sonic joined four other major car dealers, including Penske Automotive Group, AutoNation, Group 1 Automotive and Lithia Motors, in filing similarly worded disclosures with the SEC. Sonic is the only company among the group to have filed an update as of Monday.